Meta’s AI support assistant has been exploited by hackers to take over multiple Instagram accounts, despite claims that it would simplify the account recovery process for locked-out users. Security researchers stated that the AI tool made it easy for malicious actors to hijack accounts, even those protected by two-factor authentication. Reports of the exploit began circulating over the weekend, with numerous researchers flagging the issue on X, sharing details, screenshots, and videos on Telegram.

Hackers reportedly used the AI support chatbot to request changes to the email addresses linked to targeted accounts and to ask for password resets. While Meta has responded to the situation, it is currently unclear how many accounts may have been compromised before the vulnerability was patched.

Discussions about the vulnerability had reportedly been occurring on Telegram since March, as reported by 404 Media. Meta’s Vice President of Communications, Andy Stone, stated, “This issue has been resolved and we are securing impacted accounts.” Although details about the security flaw have not been disclosed, it appears to have been related to the AI support tool’s reliance on users’ physical locations for verification purposes. The exploit involved hackers using a VPN to match their location to that of the targeted account holder.

The timing of the exploit corresponds with a rise in high-profile hacks, including one affecting the Obama White House account, which posted an AI-generated image claiming “the White House is under Shiites’ control.” Meta confirmed the hack of the Obama account but did not elaborate on the method used or potential perpetrators. Other potentially affected accounts include those belonging to beauty retailer Sephora and a high-ranking Space Force official, according to 404 Media.


Featured image credit